Commit Graph

165 Commits

Author SHA1 Message Date
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Bernhard Miklautz
4592deee72 extend /size to allow width or height percentages (#4146)
If the size parameter is used with a percentages like /size:50% now
an additional 'w' or 'h' can be appended (like /size:50%w) to specify
where the percentage should be applied. If both or none are set the
behavior is like it was before and the percentage is applied to width
and height.
2017-09-25 09:35:49 +02:00
Bernhard Miklautz
52fbfb7b12 fix clang warnings, directly include wtypes.h (#4097)
* build: clang use -Wno-unused-command-line-argument

With clang 5.0 builds are quite noisy otherwise.

* Directly include wtypes.h

Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
2017-08-29 09:09:38 +02:00
Armin Novak
c3d4b7d262 fseeko and ftello for 64bit file support. 2017-08-14 08:42:49 +02:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
David Fort
48163a27db Merge pull request #3906 from akallabeth/addin_cast_fix
Addin cast fix
2017-05-22 11:12:05 +02:00
Armin Novak
f414522b7a Added setting for QoeAck. 2017-05-18 14:07:09 +02:00
Armin Novak
9713b63c26 Fixed addin tables and casts. 2017-04-10 10:38:57 +02:00
Armin Novak
09d43a66f4 Fixed tests and dead store warnings. 2017-03-28 16:49:56 +02:00
Norbert Federa
71ce3378da Merge pull request #3665 from realjiangms/fix_ssl_add_all_digests
Winpr/openssl: Fix digests initialization in multi-thread
2017-01-13 09:46:14 +01:00
akallabeth
3762401d43 Merge pull request #1750 from ccpp/master
Support for HTTP-Proxy
2017-01-11 11:02:00 +01:00
Armin Novak
6d075ad719 Add "Ex" interface support for external channels
Support the VirtualChannelEntryEx interface also for channels that are
not static (as in compiled in).
2016-12-28 11:21:14 +01:00
zihao.jiang
a505a6cd27 Winpr/openssl: Fix digests initialization in multi-thread
SSL functions like OpenSSL_add_all_digests should be invoked at very beginning as they are not MT safe.
If not we might meet double free exception as following:

 #0  0x00007f23ddd71c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
 #1  0x00007f23ddd75028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
 #2  0x00007f23dddae2a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
 #3  0x00007f23dddba55e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
 #4  0x00007f23dc6ecfcd in CRYPTO_free () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #5  0x00007f23dc6ef8d1 in OBJ_NAME_add () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #6  0x00007f23dc77dcd8 in EVP_add_digest () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #7  0x00007f23dc782321 in OpenSSL_add_all_digests () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #8  0x00007f23c781da28 in winpr_openssl_get_evp_md (md=4) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:52
 #9  0x00007f23c781dccb in winpr_Digest_Init (ctx=0x7f22d064d470, md=<optimized out>) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:344
 #10 0x00007f23d486139b in security_salted_mac_signature (rdp=0x7f23859f5a20, data=0x7f238542d4fb "\004\204\022\004", length=4743, encryption=<optimized out>, output=0x7
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/security.c:378
 #11 0x00007f23d488d73f in fastpath_send_update_pdu (fastpath=<optimized out>, updateCode=4 '\004', s=0x7f23859f5f40, skipCompression=true)
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/fastpath.c:1076
 #12 0x00007f23d4891c4f in update_send_surface_frame_bits (context=0x7f23859f5540, cmd=0x7f22b2ffcc80, first=true, last=true, frameId=6)
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/update.c:1041

Related reports: https://rt.openssl.org/Ticket/Display.html?id=2216&user=guest&pass=guest
2016-12-28 03:48:40 +08:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Christian Plattner
58ef7cc42d More abstracted proxy handling 2016-12-10 23:13:35 +01:00
Christian Plattner
a72c184108 Bugfix setting HTTP proxy name (fixes environment variable detection) 2016-12-10 19:00:32 +01:00
Christian Plattner
5d10b3bf5b Merge branch 'gateway-http-bugfix'
Conflicts:
	client/common/cmdline.c
	include/freerdp/settings.h
	libfreerdp/common/settings.c
	libfreerdp/core/settings.c
	libfreerdp/core/tcp.c
	libfreerdp/core/transport.c
2016-12-09 20:43:02 +01:00
Armin Novak
c33754ae1d Fixed unused and uninitialized warnings. 2016-12-01 15:36:49 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Armin Novak
3f6bd603e9 Fixed addin loader, prefer system library paths. 2016-11-24 15:28:41 +01:00
Marc-André Moreau
36db0cc325 channels: properly handle VirtualChannelEntryEx in static virtual channel loading 2016-11-16 09:52:24 -05:00
Armin Novak
5bc691c79d Improved error handling if channel is missing. 2016-10-27 14:41:05 +02:00
Armin Novak
14fcfbbf31 Addin loader using proper function pointer defines. 2016-10-07 14:06:46 +02:00
Marc-André Moreau
801dc0f826 freerdp: add configurable NTLM SAM file option for server-side NLA 2016-07-21 18:58:24 -04:00
Armin Novak
eacf2b542e Fixed memory leaks. 2016-05-12 10:01:30 +02:00
Marc-André Moreau
e4714f3422 freerdp: fix Hyper-V connectivity, fix issues #2421 and #3325 2016-05-11 15:52:36 -04:00
Armin Novak
53445768ed Added command line option /cert-tofu 2016-03-31 12:16:55 +02:00
Bernhard Miklautz
a0d9969a30 Merge pull request #3254 from akallabeth/avc444_cmd_arg
Added advanced gfx command line options.
2016-03-31 11:43:38 +02:00
Bernhard Miklautz
9e8c6c99b6 First shot on fixing over linking
If a target is linked against libraries with cmake
(target_link_libraries) and the libraries are not marked as PRIVATE
they are "exported" and in case a other target is linked against this
target it is also linked against *all* (not private) libraries.

Without declaring private libraries PRIVATE a lot of over linking
(linking against unneeded libraries) was done.
2016-03-29 18:14:34 +02:00
Armin Novak
50873be062 Added advanced gfx command line options. 2016-03-24 16:36:43 +01:00
Armin Novak
2208a84cd4 Moved assistance to winpr crypto. 2016-03-07 11:51:13 +01:00
Armin Novak
dccf40c2bc Fixed duplicate loading of smartcard and printers. 2016-02-26 15:21:11 +01:00
Armin Novak
fe8f5dee82 Fixed indentation. 2016-02-26 09:32:17 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
Armin Novak
4ca6b9bf10 Unified random functions and remaining MD5. 2016-02-24 20:41:01 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
Armin Novak
74c15a6309 Fixed freerdp_assistance_file_new argument declaration 2015-12-14 14:18:50 +01:00
Bernhard Miklautz
d73c4898c1 Add build-config.h
build-config.h should contain configure/compile time settings that are
relevant for projects that use FreeRDP.

For example the compiled in plugin search paths.
2015-11-09 15:54:22 +01:00
Armin Novak
a8cd9e0138 Fixed resource leak. 2015-08-28 10:53:43 +02:00
Armin Novak
80ba4643dc Fixed cleanup of resources, only in error case now. 2015-06-24 14:59:59 +02:00
Armin Novak
c78b6f38ab Fixed cleanup of MachineAddresses and MachinePorts. 2015-06-24 12:14:06 +02:00
Armin Novak
4c9ee07eb6 Fixed sizeof misuse. 2015-06-24 10:02:30 +02:00
Armin Novak
6698e24228 Fixed leaks, NULL dereferences and broken init. 2015-06-23 21:29:21 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
Bernhard Miklautz
1b8dd139a9 cmd line: add missing checks
* strdup
* some allocs
2015-06-22 19:23:57 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
David FORT
a9709a62cc Check some return values 2015-05-29 14:24:14 +02:00
Marc-André Moreau
35e26020aa freerdp: patch multiple leaks and OOM errors 2015-05-22 14:14:57 -04:00